[dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: add target queues in flow actions

Nelio Laranjeiro nelio.laranjeiro at 6wind.com
Thu Nov 30 13:28:00 CET 2017

Previous message: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: add target queues in flow actions
Next message: [dpdk-dev] rte_eth_bond: Problem with link failure and 8023AD
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Annob,

On Thu, Nov 30, 2017 at 04:16:23PM +0530, Anoob wrote:
> On 11/29/2017 06:20 PM, Nelio Laranjeiro wrote:
> > Hi Anoob,
> > 
> > On Wed, Nov 29, 2017 at 06:00:38PM +0530, Anoob wrote:
> > >     Hi Nelio,
> > > 
> > >     Since support of RSS with inline crypto/protocol is hardware
> > >     implementation dependent, it would be better if there is some sort of
> > >     capability check before setting the flow parameters in the application.
> > > 
> > >     If the hardware doesn't support RSS with inline processing, then the RSS
> > >     flow action will have to be ignored in the driver. This wouldn't look
> > >     right from application's point of view. And also the PMD would need
> > >     application-specific logic to handle such cases, which may not scale well.
> > There is a real issue here, RTE_FLOW API needs a terminal action, security is
> > not one [1] you must have one of the followings: QUEUE, DROP, RSS, PF,
> > VF or PASSTHRU.
> > 
> > Flow API does not work with "capabilities" as the application can verify
> > the rule using the validate().  If it cannot be validated the
> > application can test another kind of rule until the PMD returns a
> > success.
> > 
> > Here, I am proposing the RSS as RSS with a single queue is equivalent to queue.
> > 
> > On Mellanox NIC we need the RSS or QUEUE in ingress and for Egress PASSTHRU
> > is good.
> > 
> > What are your needs?
> Thanks for the clarification. Understood the issue here. On Cavium hardware
> SECURITY will be terminating.

You should finalise with PASSTHRU to be compliant with the API,
otherwise application makers won't understand why it does not work
according to the API implementation.

> So a better approach would be to first check from the application
> (using rte_flow_verify()) if SECURITY is terminating action. If it
> fails, then application can do RSS/QUEUE. That should solve
> the issue.
<snip>

I think we have an agreement here, in order the final action to be
tested:

 1. PASSTHRU
 2. RSS
 3. QUEUE

If those 3 fails, the functions fails to create the rule, the first
succeeding is the one applied.

Do you agree?

Thanks,

-- 
Nélio Laranjeiro
6WIND

Previous message: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: add target queues in flow actions
Next message: [dpdk-dev] rte_eth_bond: Problem with link failure and 8023AD
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list